Applying ACLs (PIX 506E)

jaisol
Level 1

I have a group defined for internal Hosts:

object-group network Dep_RH_Hosts
 network-object host 10.195.190.2
 network-object host 10.195.190.5
 network-object host 10.195.190.8
 ... (plus 32 hosts)

I also have a group for external IP addresses:

object-group network Empleos_Hosts
 network-object 66.246.213.0 255.255.255.0
 network-object 72.36.137.0 255.255.255.0
 network-object 216.72.4.0 255.255.255.0
 network-object 200.41.9.0 255.255.255.0

How can I permit just the internal hosts group to access the external IP addresses?

I could use:

access-list 100 permit ip any object-group Empleos_Hosts

to give access to everyone, but I need to give access just to the internal group mentioned above.

THANKS!

1 Reply

mostiguy
Level 6

access-list 100 permit ip object-group Dep_RH_Hosts ....

will determine what the source hosts are, so if you want those hosts to have unlimited outbound access:

access-list 100 permit ip object-group Dep_RH_Hosts any

will work. If you want the internal host group to only have access to the external host group:

access-list 100 permit ip object-group Dep_RH_Hosts object-group Empleos_Hosts
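
To check which flows the group-to-group entry from the reply actually allows, here is a small first-match evaluator, added as an example and not part of the original thread. It assumes only the config subset shown on this page, lists just the three internal hosts the question spells out, and relies on the implicit deny at the end of an ACL; `parse` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# Constructed sample: the page's object-groups (only the three internal hosts
# the question lists) and the reply's ACL; the ACL id 100 is from the question.
CONFIG = """\
object-group network Dep_RH_Hosts
 network-object host 10.195.190.2
 network-object host 10.195.190.5
 network-object host 10.195.190.8
object-group network Empleos_Hosts
 network-object 66.246.213.0 255.255.255.0
 network-object 72.36.137.0 255.255.255.0
 network-object 216.72.4.0 255.255.255.0
 network-object 200.41.9.0 255.255.255.0
access-list 100 permit ip object-group Dep_RH_Hosts object-group Empleos_Hosts
"""

ANY = [ipaddress.ip_network("0.0.0.0/0")]

def parse(config):
    """Return (object-groups, ACL entries) for the config subset used above."""
    groups, acl, current = {}, [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["object-group", "network"]:
            current = groups.setdefault(tok[2], [])
        elif tok[:1] == ["network-object"]:
            net = f"{tok[2]}/32" if tok[1] == "host" else f"{tok[1]}/{tok[2]}"
            current.append(ipaddress.ip_network(net))
        elif tok[:1] == ["access-list"]:
            action, rest, ends = tok[2], tok[4:], []
            while rest:  # each endpoint is "any" or "object-group NAME"
                n = 1 if rest[0] == "any" else 2
                ends.append(ANY if n == 1 else groups[rest[1]])
                rest = rest[n:]
            acl.append((action, ends[0], ends[1]))
    return groups, acl

def evaluate(acl, src, dst):
    """First matching entry wins; traffic matching no entry is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, srcs, dsts in acl:
        if any(s in n for n in srcs) and any(d in n for n in dsts):
            return action
    return "deny"  # implicit deny at the end of the ACL

if __name__ == "__main__":
    _, rules = parse(CONFIG)
    print(evaluate(rules, "10.195.190.2", "66.246.213.10"))
```

Swapping the source for `any`, as in the question's first attempt, makes the same evaluator permit an ungrouped host such as 10.195.190.3.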
